Recipe for a Robust Ethernet Network
There are two things we know about Ethernet used in manufacturing and production and one thing to be aware of for the future. First, Ethernet has become the de facto standard network in many industries. Its use even to the input/output (I/O) level has become common. Second, since Ethernet is used by both enterprise and industrial systems, it has become the focal point for the age-old battle between automation and control engineers and information technology (IT) engineers.
The best way to reduce bickering and animosity between those departments is for automation and control engineers to realize that they must add “network engineer” to their expanding list of roles. The purpose of this article is to survey the basics of an Ethernet TCP/IP network and whet your appetite for further learning.
David McCarthy, president and CEO of TriCore, Inc. (www.tricor.com) in Racine, Wis., says, “Industrial Networking is a whole new business area. The plant floor, front office and boardroom are all converging from an information-flow standpoint. Many of the plant floor networks in use today are not commonly understood well by corporate IT staff. Front office and enterprise networks are often not commonly understood well by engineering staff. Designing a robust network solution that satisfies the needs of the maintenance staff, engineering, production managers, plant managers and users of corporate IT systems—not to mention system integrators and other suppliers who may be remotely supporting a facility—requires a unique understanding of how all of this hangs together.”
Cooperation with IT
Bryce Nakatani, a product support group senior engineer with Opto22 (www.opto22.com), Temecula, Calif., says, “Ethernet is really robust and forgiving. On the other hand, some people corner themselves without realizing it. We recommend that people use isolated segments, so they don’t encroach on the IT world. The problem comes in not defining a segment, or subnet size. They may define a 255.255.255.0 subnet without realizing they’ll have more devices than that IP address series will allow.”
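The sizing mistake Nakatani describes can be caught at planning time. This is an added example, not code from the article or from any vendor named in it: it checks whether a device count fits a subnet and carves non-overlapping, isolated segments out of a control-network block. The address block, IT-owned range, cell names, device counts and 25 percent growth margin are all assumptions made for illustration.

```python
import ipaddress
import math

# Constructed sample plan: every range, cell name and device count is illustrative.
CONTROL_BLOCK = "10.20.0.0/16"   # block assumed to be agreed with IT for the plant floor
IT_RANGES = ["10.20.0.0/22"]     # part of that block assumed to be in use by IT already
CELLS = {"packaging": 300, "filling": 120, "utilities": 20}

def fits(network, devices):
    """True if the subnet has enough usable host addresses for the devices."""
    usable = ipaddress.ip_network(network).num_addresses - 2  # minus network/broadcast
    return devices <= usable

def required_prefix(devices, growth=0.25):
    """Longest prefix (smallest subnet) that holds the devices plus growth headroom."""
    needed = math.ceil(devices * (1 + growth)) + 2   # hosts + network + broadcast
    host_bits = max(2, (needed - 1).bit_length())    # ceil(log2(needed)), integer math
    return 32 - host_bits

def plan_segments(block, cells, it_ranges, growth=0.25):
    """Give each cell its own subnet from block, largest cell first,
    skipping any candidate that overlaps an IT range or an earlier allocation."""
    block = ipaddress.ip_network(block)
    taken = [ipaddress.ip_network(r) for r in it_ranges]
    plan = {}
    for name, devices in sorted(cells.items(), key=lambda kv: -kv[1]):
        prefix = required_prefix(devices, growth)
        for candidate in block.subnets(new_prefix=prefix):
            if not any(candidate.overlaps(t) for t in taken):
                plan[name] = candidate
                taken.append(candidate)
                break
        else:
            raise ValueError(f"no room left in {block} for {name} ({devices} devices)")
    return plan

if __name__ == "__main__":
    # The case from the quote: a 255.255.255.0 mask with more devices than it can hold.
    print("300 devices fit 192.168.1.0/24:", fits("192.168.1.0/24", 300))
    for name, net in plan_segments(CONTROL_BLOCK, CELLS, IT_RANGES).items():
        print(f"{name:10s} {net}  mask {net.netmask}  usable {net.num_addresses - 2}")
```
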
Jim Toepper, product marketing manager for Moxa Americas (www.moxa.com), Brea, Calif., says, “We’re seeing a challenge in getting IT buy off. For example, while working with a mass transit authority, IT guys had to implement the network, but they said they wanted Cisco: ‘We don’t know your network, and rings aren’t proven technology.’ Well, not proven to them. So we had to discuss a whole different philosophy to show them about averting downtime. In other major commercial vendors’ philosophies, you don’t have different topologies. For industrial, it’s okay to have a flat network, so rings are okay. We sort of had to unteach them, then teach them again.”
Mark Fondl, president of Network Vision Software (www.intravue.net) in Newburyport, Mass., has been preaching Ethernet for industrial applications since the late 1990s. He offers some cautions and pointers for beginning to think about applying the network. “The first fallacy is the thought that Ethernet is a single network. One of the first things I teach is that you won’t have single networks,” he adds. “I’m working with a client that will have 900 separate networks—not only replacing PLC (programmable logic controller) to HMI (human-machine interface), but also to drives, I/O and peer-to-peer. In the old days, maybe we’d have SERCOS, Remote I/O, Modbus Plus, and so on. Now it’s all going into Ethernet. But even if it is a common technology, be careful about how you break it up and apply it.”
As soon as you start using a technology found in the office for manufacturing applications, conflict inevitably arises between enterprise IT engineers and automation engineers. Chuck Tommey, PE, is senior business development engineer with A&E Engineering Inc. (www.aeengr.com) in Greer, S.C., a full-service electrical engineering and automation house offering drawings, functional specifications, programming, HMI development and more associated with Siemens Industry products. Tommey says, “From a consultant point of view, my approach is to get the two sides to sit down and talk. In a lot of places, animosity has built up over the years. Getting them together can be a task, but usually it helps things greatly. We just help each side understand what the other is trying to do. The problem is getting a little less, since the automation suppliers have heard and understood there’s difficulty between the two, and have started making products a little more IT-friendly.”
Security sticks out
Security is another sticking point with IT people, who never believe that automation people take it seriously. Tommey adds, “From engineering point of view you can implement VLANs (virtual local area networks), Layer 3 switching, firewalls with DMZs to combat the security issues. Think in zones and conduits. Know the traffic between zones and watch then alert if something not known is seen. And (remember that) there is never enough separation of networks on the control side.”
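Tommey's advice to know the traffic between zones and alert on anything unknown can be expressed as an allowlist check over flow records. This is an added example, not code from the article: the zone names, address ranges, conduit list and the "src dst port" flow-line format are assumptions, and the sample flows are constructed.

```python
import ipaddress

# Constructed zone map: names and ranges are illustrative assumptions.
ZONES = {
    "enterprise": "10.10.0.0/16",
    "dmz": "10.50.0.0/24",
    "control": "192.168.1.0/24",
}

# Conduits: the only expected zone-to-zone traffic (source zone, destination zone, port).
CONDUITS = {
    ("enterprise", "dmz", 443),   # business users to a historian web front end
    ("dmz", "control", 502),      # historian polling controllers over Modbus TCP
}

# Constructed flow records in a hypothetical "src_ip dst_ip dst_port" export format.
SAMPLE_FLOWS = [
    "10.10.4.20 10.50.0.5 443",         # enterprise -> dmz, known conduit
    "10.50.0.5 192.168.1.10 502",       # dmz -> control, known conduit
    "192.168.1.10 192.168.1.11 44818",  # stays inside the control zone
    "10.10.4.20 192.168.1.10 502",      # enterprise straight to control: no conduit
    "192.168.1.30 203.0.113.7 443",     # control device talking to an unmapped address
]

def zone_of(addr, zones=ZONES):
    """Map an IP address to its zone name, or 'unknown' if no zone contains it."""
    ip = ipaddress.ip_address(addr)
    for name, cidr in zones.items():
        if ip in ipaddress.ip_network(cidr):
            return name
    return "unknown"

def check_flows(lines, zones=ZONES, conduits=CONDUITS):
    """Return (src_zone, dst_zone, port, line) for every flow that crosses
    a zone boundary without a matching conduit, or that cannot be parsed."""
    alerts = []
    for line in lines:
        try:
            src, dst, port = line.split()
            port = int(port)
            sz, dz = zone_of(src, zones), zone_of(dst, zones)
        except ValueError:
            alerts.append(("unparsed", "unparsed", None, line))
            continue
        if sz == dz and sz != "unknown":
            continue  # intra-zone traffic does not use a conduit
        if (sz, dz, port) not in conduits:
            alerts.append((sz, dz, port, line))
    return alerts

if __name__ == "__main__":
    for alert in check_flows(SAMPLE_FLOWS):
        print("ALERT unknown conduit:", alert)
```
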
Carl Henning, deputy director of Profinet/Profibus association PI North America (www.us.profibus.com) in Phoenix notes, “We see some improvement in the control engineer vs. IT thing. When we did the Executive Leadership Forum in Miami, quite a few comments related to IT were made and they were mostly positive. We talk to IT in the beginning and then set up a line of demarcation—usually a switch or firewall, which is my preference. Even if there is tension, there is room for a control engineer to learn and leverage tools from the IT world. What I’ve seen over the past seven years is improvement in the relationship.”
One of the problems seen by Mark Cooksley, product manager-software tools for Hirschmann Products, a Belden company (www.hirschmann.com) in Chambersburg, Pa., is that “engineers assume the network will just work—just like the old serial networks. They are sort of a big black hole or mystery.” Cooksley says that his people still spend a lot of time in the sales cycle on the basics of Ethernet and TCP/IP, the differences between office and industrial applications, and the differences between protocols such as email and file transfer.
Cooksley points out that 35 percent of network failures are just cabling. Learning to install cables correctly solves a lot of problems before they occur. Further, 25 percent of failures come from the data link layer composed of switches, he says.
Bad installation practices
Jim Laurita, technical services manager for Hirschmann Products, adds, “We find a lot of cable mismanagement and inefficiencies, poor cabling and bad installation practices. People do things such as taking four lefts to make a right. The biggest thing is people are not utilizing the capabilities of products they purchased. Some have ‘turn it on disease’ where they turn on everything needed or not. They purchase a managed switch but run a flat network. Or they won’t put in redundancies or won’t purchase network management software. People generally look at components as an afterthought. They may spend tens to hundreds of thousands on control equipment, then buy a product cheaply that’s essentially the heartbeat of the infrastructure.”
So, what do we need to know about the physical media of an Ethernet TCP/IP network?
Don Nester, product manager for Chainflex continuous flex cables at igus Inc. (www.igus.com) in East Providence, R.I., says, “If you are specifying an Ethernet cable for a static application, there are a number of different options available. While factors such as price, availability, life expectancy and manufacturer loyalty will affect the decision, most standard Ethernet cables share a similar design and will deliver a satisfactory performance.”
Nester continues, “However, when a standard Ethernet cable is used in a manufacturing application, its mechanical quality will be tested in different ways versus if it were used in an office setting. In this type of application, it is most important that the cable meets electrical and mechanical requirements and also maintains data rates after years of cycling. Some of the key design considerations should be temperature, exposure to oils and chemicals, abrasion points and whether continuous movement is required.”
Craig Zagorski, market and applications manager for automation at Harting Inc. (www.harting-usa.com) in Elgin, Ill., says, “With today’s Ethernet speeds, especially on the industrial floor, there is the necessity to have a good quality data cable that can withstand the harsh environment. Shielding in, or on, the cable is especially critical. It is essential to eliminate any interference coming from its surroundings. If there is the requirement to run a network cable alongside a power cable, two things should definitely be considered: A shielded cable is a must, but also consider a raceway or wire-way type of product.”
Mike Hannah, manager of product development for networks at Rockwell Automation (www.rockwellautomation.com), Milwaukee, adds, “You’ve got to assure good ground plane, cable management, grounding, bonding, shielding and good control panel design. Everyone knows Ethernet, but in an industrial setting, things happen like the tabs break off the RJ45 connector. When a machine has a fault and the operator calls maintenance, it may have just been the cable or a loose connector.”
Using off-the-shelf CAT5 cables and commercial RJ45 connectors is often not optimum, agrees Shaun Kneller, key accounts sales manager for B&R Automation (www.br-automation.com) in Roswell, Ga. “Our connectors have a metal shield, and you connect to hubs, switches and interfaces that all have metal shields. So you have grounding through the whole network. Also consider using two twisted pair cables that have independent shielding around each, then a shield around the whole cable. And use a jacket that is resistant to oils, cleaning agents and water.”
Another interesting characteristic of Ethernet networking is the flexibility it offers for layout—or what is known as topology. Diane Davis, vice president of product management for N-Tron/Red Lion (www.redlion.net) in Mobile, Ala., says the star topology is still most common. This topology, most used in office environments, has every device connected to a central component—a switch, hub or router, for example. Davis adds, “But now ring topology is used for redundancy. Usually people use a hybrid of several (topologies) in their networks. We are seeing more rings, since people do like having the redundancy for the self-healing networks. They can isolate these using VLANs, although VLANs can make it tough for the night operator.”
The heart of an Ethernet TCP/IP network is the switch—except that it’s not so simple. You’ll hear about managed versus unmanaged and Layer 2 versus Layer 3. Routers are another component, higher-end and more intelligent than a managed switch.
PI’s Henning says that with today’s industrial switches, “You don’t need a Ph.D. in Cisco to run them. But, you will either use a managed switch or wish you had.” His quick differentiation is that unmanaged switches give you blinking LEDs, while managed switches give you information to minimize downtime. “Yes, you can buy a $35 Linksys switch, but will it survive in the plant and will it give you the information you need?” he asks.
Charlton Buck, product manager for North America industrial communications and power networks at Harting, differentiates types of switches. “Managed switches are feature rich with access to parameter settings through a web browser. The parameter configurations allow for traffic boundary settings, increased security and port speed regulation. Configurable switches are feature enable devices, routinely used to set port speed, port accessibility and monitor data traffic. Unmanaged switches are plug and play devices with predominately no parameter settings.”
Larry Komarek, business development manager at Phoenix Contact (www.phoenixcontact.com) in Harrisburg, Pa., says, “Speed is a consideration in using routers. They can be slower. There’s an old IT adage, ‘switch if you can, route if you must.’ You need to balance speed versus functionality. Some industrial protocols, especially if multicast, can have a flooding effect on unmanaged switches, overloading the CPUs and causing a loss of communication. If you are using redundancy with managed switches, the standard IT rapid spanning tree protocol is slow for control applications. You’ll want to use standard IEEE redundancy or one of the plethora of ring protocols.”
Alex Lin, product manager industrial communication at Advantech (www.advantech.com) in Cincinnati, adds, “Unmanaged switches are easy. You only need knowledge of standard wiring practices. If you use a Cisco managed switch, you’ll need a lot of training. However with complexity come lots of features. We also deal a lot with protocol converters—from serial to Ethernet. A lot of people have forgotten about serial, but there is still a lot of it in the plant. You would use a managed switch if you want redundancy, network stability or if it’s a critical network.”
To obtain a quick definition of Layer 2 versus Layer 3 switches, wiki.answers.com has the, er, answer. “Basically a Layer 2 switch operates utilizing MAC (hardware) addresses in its caching table to quickly pass information from port to port. A Layer 3 switch utilizes IP addresses to do the same. A Layer 2 switch will learn about MAC addresses connected to each port, and passes frames marked for those ports. Layer 3 switching is a hybrid of a router and a switch.… In route caching, the switch required both a Route Processor (RP) and a Switch Engine (SE). The RP must listen to the first packet to determine the destination. At that point the Switch Engine makes a shortcut entry in the caching table for the rest of the packets to follow. Layer 2 switches enable a flat topology scheme, whereas a Layer 3 switch allows for hierarchical layers of networks.”
Gregory Wilcox, business development manager for networks at Rockwell Automation in Milwaukee, says, “They’re building large flat Layer 2 networks, but networks still need a structure and hierarchy. You should build domains then into a Layer 3 switch where they can see things. You use structure and hierarchy to avoid network sprawl.”
Since Layer 3 switches use IP addresses, setting those addresses for devices becomes crucial to finding them on the network. Wilcox again: “There are a couple of ways to set IP addresses. One is on most devices we deploy 3-switch method. It could be rotary or push pin. You set last octet number. Since 192.168.1 is the first three octet default, so the 3rd shift guy only needs to look at the device, see what the setting is, set the new one, plug in and run.”
Then there are the industrial Ethernet protocols that use standard Ethernet physical layers but use their own protocols on the wire. For example, EtherCat, sponsored by Beckhoff Automation (www.beckhoff.com) in Verl, Germany, dispenses with the TCP/IP part of the equation. Joey Stubbs, North American representative of the EtherCat Technology Group, says EtherCat “stops short of requiring any active routing infrastructure to service the fieldbus network. This means that with EtherCat, there is no need for IT involvement, IT experience or IT equipment or hardware—beyond knowing what an Ethernet port is on the controller and being able to plug cables in.”
An EtherCat network does not need switches or hubs (and slave devices do not even have these built in), says Stubbs, “so there is no need to worry about IP addresses (there are none), MAC addresses (there are none), or configuring LANs (since you do not need them).”
Overall, “Ethernet is the enterprise technology enabler. It allows interaction of control and IT worlds,” says Peter Esparrago, Maverick plant floor 24 of Maverick Technologies (www.mavtechglobal.com), a Columbia, Ill.-based system integrator. “Lots of plant and operations guys just don’t trust IT. So they look at Maverick (and other system integrators) as a bridge. Regarding security, plant floor guys don’t think they’re vulnerable, but many are becoming aware. We apply same best practices, such as defense in depth.”
Esparrago says integrators keep production up and running: “Corporate IT has been monitoring networks, but more at the WAN-Router-Business network and stop at DMZ (if there is one). They don’t see much when going lower, so no one is monitoring at the control level. The need is to monitor from device layer to business layer. Engineers want us to monitor up to Level 2 because they don’t trust IT.”
Jason Montroy, client relationship manager at Maverick Technologies adds, “Ethernet networks allow for more remote monitoring. We can offer support 24/7/365. As Ethernet became established, plants that had issues could call in internal resources for trouble-shooting and repair. Now, we’ve developed a pool of resources so users can tap in and access resources without travel.”